LLW2018: The FSFE brings together top legal experts to debate about
cross-cutting legal and licensing issues around Free Software

më: 2018-05-30

Shkruar nga Polina Malaja

Following more than a decade long tradition, the
FSFE once again led its annual Free Software Legal and Licensing
Workshop (LLW) in 2018: a meeting point for world-leading legal experts
to debate issues and best practices surrounding Free Software licences.
This year we decided to bring the event back to its roots and emphasise
the "Workshop" part in its original title: around 120 legal experts
gathered for a 3-day conference in Barcelona, Spain with an
unprecedented amount of parallel tracks and interactive sessions
designed to dive into the most contentious topics in the legal world of
Free Software.

Traditionally, the whole event is covered under the
Chatham House
Rule, enabling confidential discussions under fair terms for all the participants.
However, the part of the conference not covered by Chatham House Rule
(as explicitly stated by speakers) was reflected in a series of articles
by Jake Edge from LWN.net, who wrote about the following discussions
that had taken place during the LLW2018:

Marcus von Welser and Armijn Hemel gave an overview of the recent GPL
compliance case in Germany, where
Patrick McHardy claimed that the company Geniatech violated his
copyright in Linux kernel. The regional court in Cologne (Germany),
where the case was brought into action in 2017 initially granted McHardy
the injunction and obliged Geniatech to stop from distributing any
version of the kernel. Geniatech appealed the injunction on the grounds
of being too broad and restrictive, as Patrick McHardy cannot be
perceived as a co-author of Linux kernel, as he claimed. In fact, his
contributions to Linux kernel under GPL v.2 could only be considered as
adaptations under German copyright law which gives him right to claim
the discontinuation of distributing kernel versions with his
modifications only. According to Marcus von Welser, there are more than
100 officially released versions of the kernel that do not include any
contributions from McHardy. By ordering Geniatech not to distribute any
version of the kernel, the court was covering kernels that were not even
part of the dispute with McHardy. After an oral hearing at the higher
regional court of Cologne in March 2018, McHardy eventually withdrew his
application for an injunction. The case shows that there is a need for a
wider information exchange on how to build adequate legal defense
strategies against copyright trolls.

Dirk Hohndel presented the challenges of compliance of container
images. With containers being a hot
topic, there are many issues with container images and their compliance,
according to Hohndel. Primarily, it is a common practice to just copy a
container image from random internet locations, ignoring licences.
According to Hohndel, such practice is not only a security nightmare but
also a "rabbit hole" in terms of identifying what is actually shipped in
such containers. While it is already hard to figure out which packages
are included in the build, it is even harder to fix any compliance
issues after you have identified any. The version and which patches are
applied are also difficult to determine. Beyond that, the licences
under which those packages are distributed are not obvious. This is why
it is important to train software developers about the pitfalls of the
container build systems, according to Hohndel. Additionally, containers
need to be built with good compliance practices in mind: for example,
starting from a base that has known-good package versions, corresponding
source code, and licences. Needles to say, the anti-pattern of
installing container images from random internet locations has to be
avoided.

Mike Dolan presented the Community
Data Licence Agreement, a legal instrument to enable sharing relevant
data for applications like machine learning, blockchains, and open
geolocation, similarly to how Free Sofware licences work for software.
The idea behind the CDLA is to share data openly using the knowledge
acquired from decades of sharing source code. There are two types of
agreements in CDLA inspired by copyleft and non-copyleft licences for
software. Solely applying Free Software licences to data is not optimal,
as there are fundamental differences between data and source code, and
this is why a separate legal instrument is needed in order to address
issues that are data-specific. For example, data can be perpetual and
this is why it might be impossible to recreate the same conditions under
which such data was gathered. That means the license under which such
data is released may be critical to how it can be used decades or even
centuries from now.

Participants were also updated about recent developments and the
Appeal's court's reasoning in the on-going legal battle between Oracle
and Google over latter's use of Java application programming interfaces
(APIs) in its Android operating system. It is long-standing tradition to
borrow APIs from different products in software development in order to
ensure compatibility between programs. In short, an API allows two or
more programs to speak to each other by using common specifications.
Oracle brought a legal action against Google back in 2012 claiming its
copyright violation over the use of APIs written in Java. In 2012, a
district court ruled that APIs are not subject to copyright. That
decision was overturned by an appeals court and returned to the same
district court. In 2016, the jury ruled that Google’s use of the Java
APIs qualified as permitted "fair use" under US law. Oracle appealed the
jury decision, stating that Google copied former's APIs solely for
commercial purposes, copied thousands more lines of code than necessary,
as well as lured Oracle's customers from licensing Java SE to switching
to Android because Google provided free access to it. In March 2018, the
appeals court sided with Oracle and ruled that Google's use of Java APIs
in question was not fair as a matter of law. While the case is far from
over, as Google can further appeal the decision in the Supreme court, it
may set a precedent for software development in general.

Artificial intelligence (AI) and automated decision making and its
connection to Free Software in the 21st century was another topic for a
debate during the conference. When it comes to generalisation of
automated decision making, we need to look beyond a Free Software
licence to meaningfully address all the issues affecting users' rights.
In the workshop discussion, participants concluded that automated
decision making raises points that are not easy to solve. In particular,
we expect every automated decision that affects humans to be accompanied
by a human understandable explanation of why this decision was made. For
machine learning techniques, and in particular deep learning, there is
little understanding on how to ensure that AI is explainable, and it is
currently an active area for research. There are also challenges when it
comes to transparency and accountability of decision making processes.
In particular cases, this criterion is impossible to achieve, e.g. by
providing full access to medical history of a population used to train
certain algorithms.

In another interactive workshop session, the participants gathered
to identify and address the common legal pitfalls for public
procurement of Free Software. The participants first identified a few
real-life cases on how Free Software procurement process can be
regulated. A legal requirement to prioritise procurement of Free
Software (like it is the case in Italy) is a good option for more Free Software in
public sector in law and theory. However, the Italian case lacks the
practical implementation, as the law does not foresee sufficient
sanctions in case of non-compliance. Another case comes from town of
Barcelona, Spain, where advanced policies and guidelines for procuring
Free Software for public sector are adopted on the local municipality
level. In case of Barcelona, the decision to move towards more Free
Software in public sector is made by procuring public authorities
themselves, rather than by a top-down legislative requirement. The
downside of such a "soft law", however, is the uncertainty of positive
procurement policies once the mandate of politicians runs out. There
is, therefore, a need for a culture change in public administrations
and a strong political will to change existing preconditions in public
procurement.

The workshop would not have been possible without the generous support
of all the event's sponsors. In particular, we would like to thank our
Platinum Sponsors: Intel, Red Hat, and The Linux Foundation.